stackoom
  简体   繁体   中英

Does url-shortening prevent XSS attack?

 原文  2019-08-03 08:00:54       javascript/ xss/ short-url

Question

Since document.cookie gets the current web page cookies, if I put my XSS payload in a URL shortener website, it will not work, right?

I mean it will get the cookies of that URL shortener website, not the target. Is this right?
I don't mean the URL shorteners are doing it on purpose, I mean is it a side effect of using short url?

2 answers

solution1
 1 ACCPTED  2019-08-03 08:40:27

URL shortener normally only redirects your request to a different server, they do not proxy that request. The idea of the URL shortener is to keep the complete URL and just make it shorter alias.

So it won't prevent XSS attack (at least not the majority of XSS attack types)

solution2
 0  2019-08-03 08:09:34

It depends on how your short url works. If your short url passing get parameter, your site still affected by XSS attack.

Usually XSS attack inject from url parameter. Especially if you load the parameter without any string escape and execute to html or run in javascript.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question prevent url from xss attack in javascript XSS Attack for Modifying the URL href security, prevent xss attack Simulating an XSS attack does not work How to prevent XSS attack from the ASP Can i prevent an XSS attack by using a session? XSS attack from url get variable How to protect against Encoded URL XSS Attack Does the following error log xss attack? Does 'innerText' prevent XSS?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM